AMENDMENTS TO THE CLAIMS 



1 . (Currently Amended) A method for associating computer network identifications 
interfaces with network policies, said method comprising the steps of: 

analyzing [[a]] one or more network interfaces interface associated with a client computer 
using a plurality of network detectors , including a first detector and a second 
detector, the detectors outputting a set of a plurality of netspecs, each that each output 
anetspec comprising a first token identifying a detector used for the analysis that is a 
detector token having a static value that identifies a specific detector that created the 
netspec and a second token identifying the analyzed network interface that is a value 
that the specific detector uses to uniquely identify the analyzed network interface ; 

determining that a first detector outputted a first netspec for a particular analyzed network 
interface of the one or more network interfaces and that a second detector outputted a 
second netspec for the particular analyzed network interface; 

determining that the first detector that outputs a first notspoc of the sot of notspocs is more 
reliable in observing the particular analyzed network interface interfaces than isthe 




awarding a higher priority to the first netspec than to the second netspec in response to 
the first netspec being output by the first detector and the first detector being more 
reliable than the second detector; 

associating the network identifications made by the first netspec that was awarded the 
higher priority and second netspecs of the set of netspecs with a location that is 
linked to one or more network policies designated by a user to be implemented for 
the location locations based at least in part on the priority order of the first and 
second netspecs ; and 

feeding the associated netspec/location pair network identification/location pairs to a 
network interface module to implement the one or more network policies designated 
for the location desired network policies . 
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2. (Original) The method of claim 1 wherein the network interface module is a module 
from the group of modules consisting of a firewall, a router, a sniffer, an intrusion detection 
module, a behavior blocking module, and a network communications module. 

3. (Original) The method of claim 1 wherein the network interface module is a firewall, 
and a user of the client computer adjusts firewall settings to set network policies based upon 
location. 

4-6. (Canceled) 

7. (Currently Amended) The method of claim 1 wherein the step of associating the first 
netspec with a location the network identifications with locations comprises using a network 
probe to look up locations in a netspec database. 

8. (Currently Amended) The method of claim 7 further comprising receiving 
modifications to the netspec database by a user of the client computer via a location setting 
module containing a user interface by which the uscr[[s]] assigns a location to each of the one or 
more n etspecs or changes an existing location associated with each of the netspecs. 

9. (Currently Amended) The method of claim 1 wherein the step of feeding the 
associated network identification nctspcc /location pairs pair to [[a]] the network interface 
module comprises using a policy guide to feed the network identification netspec/ location paiss 
pair to the network interface module on a real-time basis. 

10. (Currently Amended) An apparatus for associating computer network identifications 
interfaces with network policies, said apparatus comprising: 

a computer-readable storage medium storing executable software means comprising: 
means for analyzing [[a]] one or more network interfaces interface associated with a 
client computer using a plurality of network detectors , including a first 
detector and a second detector, the detectors outputting a sot of a plurality of 
netspecs, each that each output a netspec comprising a first token identifying 
a detector used for the analysis that is a detector token having a static value 
that identifies a specific detector that created the netspec and a second token 
identifying the analyzed network interface that is a value that the specific 
detector uses to uniquely identify the analyzed network interface : 
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coupled to the analyzing means, means determining that a first detector outputted a 
first netspec for a particular analyzed network interface of the one or more 
network interfaces and that a second detector outputted a second netspec for 
the particular analyzed network interface; 

coupled to the analyzing means, means for determining that the first detector that 

outputs a first netspec of the set of netspecs is more reliable in observing the 
particular analyzed network interface interfaces than isthe second detector 
that outputs a second netspec of the set of netspecs ; 

coupled to the determining means, means for awarding a higher priority to the first 
netspec than to the second netspec in response to the first netspec being 
output by the first detector and the first detector being more reliable than the 
second detector; 

coupled to the awarding means, means for associating the network identifications 
made by the first netspec that was awarded the higher priority and second 
n e tsp e cs of th e set of netspecs with a location that is linked to one or more 
network policies designated by a user to be implemented for the location 
locations based at least in part on the priority order of the first and second 

coupled to the associating means, means for feeding the associated netspec/location 
pair network idontificatioMocation pairs to a network interface module to 
implement the one or more network policies designated for the location 
dosirod network policies ; and 
a processor configured to execute the software means stored by the computer-readable 
storage medium. 

1 1 . (Original) The apparatus of claim 10 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

12. (Original) The apparatus of claim 10 wherein the network interface module is a 
firewall, and the network policies are implemented on a packet-by-packet basis. 
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13. (Original) The apparatus of claim 12 wherein locations are correlated with firewall 
settings on a distributed basis within the firewall. 
14-15. (Canceled) 

16. (Currently amended) The apparatus of claim 10 wherein the associating means 
further comprises: 

a netspec database associating the netspecs with the locations. 

17. (Previously Presented) The apparatus of claim 16 further comprising, coupled to the 
netspec database, a location setting module adapted to enable a user of the client computer to 
associate the locations with the netspecs. 

18. (Currently Amended) The apparatus of claim 10 wherein the feeding means 
comprises: 

a policy guide for associating the network identifications netspecs with the 
locations; wherein 

the network interface module implements the network policies based upon the 
locations fed to the network interface module by the policy guide. 

19. (Currently Amended) The apparatus of claim 10 further comprising, coupled to the 
network interface module, a user interface adapted to enable a user of the client computer to 
associate the locations with the network policies. 

20. (Canceled) 

21. (Currently Amended) At least one computer-readable medium containing computer 
program instructions for associating computer network identifications interfaces with network 
policies, said computer program instructions performing the steps of: 

analyzing [[a]] one or more network interfaces interface associated with a client computer 
using a plurality of network detectors , including a first detector and a second 
detector, the detectors outputting a sot of a plurality of netspecs, each that each output 
anetspec comprising a first token identifying a detector used for the analysis that is a 
detector token having a static value that identifies a specific detector that created the 
netspec and a second token identifying the analyzed network interface that is a value 
that the specific detector uses to uniquely identify the analyzed network interface ; 
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determining that a first detector outputted a first netspec for a particular analyzed network 
interface of the one or more network interfaces and that a second detector outputted a 
second netspec for the particular analyzed network interface; 

determining that the first detector that outputs a first netspec of the set of netspecs is more 
reliable in observing the particular analyzed network interface interfaces than isthe 
second detector that outputs a second netspec of the set of netspecs ; 

awarding a higher priority to the first netspec than to the second netspec in response to 
the first netspec being output by the first detector and the first detector being more 
reliable than the second detector; 

associating the network identifications made by the first netspec that was awarded the 
higher priority and second netspecs of the set of netspecs with a location that is 
linked to one or more network policies designated by a user to be implemented for 
the location locations based at least in part on the priority order of the first and 
s e cond n e tsp e cs ; and 

feeding the_associated netspcc/location pair network identification/location pairs to a 
network interface module to implement the one or more network policies designated 
for the location desired network policies . 

22. (Previously Presented) The method of claim 1, wherein the client computer has a 
plurality of network interfaces and further comprising: 

analyzing each of the plurality of network interfaces using the plurality of network 
detectors; and 

analyzing the netspecs for the plurality of network interfaces output by the 

plurality of network detectors to identify a set of unique network interfaces; 

wherein interfaces in the set of unique network interfaces are associated with 
locations responsive to the priority order. 

23. (Canceled) 

24. (Canceled) 
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25 . (Currently amended) The method of claim 1 , further comprising providing a user 
interface which allows a user of the client computer to set or change the apriority order of the set 
of netspecs. 

26. (Canceled) 

27. (Canceled) 

28. (New) The method of claim 1, wherein associating further comprises: 

looking up a corresponding location identifier for the first netspec in a netspec 
database; and 

associating the particular analyzed network interface with the location identified 
by the corresponding location identifier for the first netspec. 

29. (New) The method of claim 1, wherein the network policies differ for different 
locations. 
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